CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – December 15, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

• Prosys OPC UA Simulation Server – Product Used in the Energy Sector
• Siemens SCALANCE X-200RNA Switch Devices – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens Multiple Denial of Service Vulnerabilities in Industrial Products – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens Multiple Vulnerabilities in SCALANCE Products
• Siemens Simcenter STAR-CCM+
• Siemens Polarion ALM
• Siemens Products affected by OpenSSL 3.0
• Siemens APOGEE/TALON Field Panels
• Siemens SIMATIC WinCC OA Ultralight Client
• Siemens SIPROTEC 5 Devices
• Siemens Parasolid
• Siemens Mendix Workflow Commons
• Siemens SISCO MMS-EASE Third Party Component
• Siemens Teamcenter Visualization and JT2Go
• Siemens APOGEE and TALON
• Siemens Mendix Email Connector
• Siemens SCALANCE SC-600 Family
• Siemens SICAM PAS  – Product Used in the Energy Sector
• Siemens Teamcenter Visualization and JT2Go
• Siemens SCALANCE X-200RNA Switch Devices
• Siemens SCALANCE X Switches (Update C)
• Siemens SCALANCE X Switches (Update B)
• Siemens SCALANCE X Switches (Update C)
• Siemens RUGGEDCOM Devices (Update D)
• Siemens Industrial Products Intel CPUs (Update G)
• Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update K) – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens SICAM P850 and P855 Devices (Update A)
• Siemens SCALANCE and RUGGEDCOM Products (Update B)
• Siemens Mendix SAML Module (Update B)
• Siemens PROFINET Stack Integrated on Interniche Stack (Update E)
• Siemens Nucleus RTOS FTP Server (Update A)
• Siemens Teamcenter Visualization and JT2Go (Update A)
• Siemens Web Server Login Page of Industrial Controllers (Update A)
• Siemens OpenSSL Affected Industrial Products (Update E)
• Siemens Industrial PCs and CNC devices (Update A)
• Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem (Update A) – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens SCALANCE X Switches (Update B) – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens Industrial Products (Update C)
• Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D) – Product Used in the Water and Wastewater Sector and in the Energy Sector
• Siemens PROFINET Devices (Update L)

Alerts, Updates, and Bulletins:

• Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
• CISA Adds One Known Exploited Vulnerability to Catalog
• Microsoft Releases December 2022 Security Updates
• Apple Releases Security Updates for Multiple Products
• CISA Consolidates Twitter Accounts